Software 'glitches' are not acceptable. Learn from aviation
AdaCore chief Robert Dewar calls for improvement
The term “glitch” is often used to describe an error in software, but the word itself understates the severity of such errors, according to open source software company AdaCore.
Only this year, a so-called software glitch was responsible for a substantial IT failure at the Royal Bank of Scotland (RBS), which meant that millions of customers could not gain access to funds in their bank accounts.
Events from the Wall Street Crash to Toyota's brake failings in 2009 have also been attributed to software glitches – trivialising the problem and implying that it can be reasoned away.
According to Robert Dewar, president and CEO of AdaCore, however, there is no excuse for these outages. In the world of aviation, where failure is not an option, software glitches simply do not happen.
Speaking to Techworld, Dewar said that the banking sector can learn a great deal from ultra-paranoid industries like aviation, which use highly reliable programming languages such as Ada in their application development.
AdaCore's main product, GNAT Pro, is a commercial-grade open source Ada development environment that supports all versions of the Ada language standard, and is used primarily by the military and the aviation industry.
GNAT Pro underpins the UK’s Interim Future Area Control Tools Support (iFACTS) air traffic control system, implemented by Praxis in 2007, as well as the onboard computers on BAE Systems' Eurofighter Typhoon combat aircraft.
“We have never lost a life on a commercial aircraft due to a software bug in the entire history of commercial aviation,” said Dewar. “Nothing in Ada guarantees no bugs, but Ada comes with a safety culture.”
Ada is designed to make it easier to write safe and reliable applications. The syntax is simple, consistent, and readable, and uses English keywords such as “or else” and “and then” over symbols such as “||” and “&&”.
A large number of compile-time checks are also supported to help avoid bugs that would not be detectable until run-time in some other languages, or would require explicit checks to be added to the source code. This means there is less chance of a major failure after deployment.
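The following short program is an added illustration of the two points above and is not code from the article or from AdaCore. It shows the English-keyword short-circuit operator “and then” guarding an array access, and a range-constrained subtype whose violation is caught by a check the compiler inserts, rather than silently corrupting state. The account values, the subtype name Percentage and the procedure name Glitch_Demo are constructed for the example.

```ada
-- Added example, not from the article: Ada's readable short-circuit
-- operators and range-checked subtypes. Build with: gnatmake glitch_demo.adb
with Ada.Text_IO; use Ada.Text_IO;

procedure Glitch_Demo is
   -- A constrained subtype: the compiler inserts a check on every assignment,
   -- so a value outside 0 .. 100 raises Constraint_Error instead of being
   -- stored (static out-of-range values are flagged when the code is compiled).
   subtype Percentage is Integer range 0 .. 100;

   -- Constructed sample data for the example.
   type Balances is array (1 .. 3) of Integer;
   Accounts : constant Balances := (100, 250, 75);

   -- True only if Index is a valid position AND that account is funded.
   -- "and then" evaluates its right operand only when the left one is True,
   -- so an out-of-range Index never reaches the array access.
   function Is_Funded (Index : Integer) return Boolean is
   begin
      return Index in Accounts'Range and then Accounts (Index) > 0;
   end Is_Funded;

   P : Percentage;
begin
   Put_Line ("Index 2 funded: " & Boolean'Image (Is_Funded (2)));
   Put_Line ("Index 9 funded: " & Boolean'Image (Is_Funded (9)));

   -- The value is produced at run time, so the range check fires when the
   -- assignment is attempted; the error is reported rather than ignored.
   begin
      P := Integer'Value ("150");
      Put_Line ("Stored" & Percentage'Image (P));
   exception
      when Constraint_Error =>
         Put_Line ("Rejected: 150 is outside Percentage (0 .. 100)");
   end;
end Glitch_Demo;
```

With a symbol-based operator such as “&&” the same guard reads correctly only if the reader knows the operator short-circuits; the Ada spelling makes the evaluation order part of the text, which is the readability point Dewar makes.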
Dewar has also helped to develop the DO-178B Software Considerations in Airborne Systems and Equipment Certification, which is used to determine if software will perform reliably in an airborne environment.
However, Dewar said that programmers do not have to be writing in Ada to write reliable code. While languages such as C and C++ are known to be problematic, there is no reason that applications written in these languages can't be just as reliable as those written in Ada.
It all comes down to carrying out comprehensive integration testing and using formal methods of proof to verify security before these applications are deployed, he said, as well as leaving a development trail so that errors can be easily traced back to their source.
“The highest levels of software need formal methods,” said Dewar. “We have to be able to enforce this level of checking.”
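As an added example of the contract-based checking Dewar refers to (this is not code from the article, AdaCore or the systems named above), the program below attaches an Ada 2012 precondition and postcondition to a withdrawal routine. Tools such as the SPARK toolset can attempt to prove statically that the body satisfies the postcondition whenever the precondition holds; the Assertion_Policy pragma also makes GNAT check both at run time, so a caller that violates the contract is stopped at the interface. The procedure name Withdraw, the subtype Money and the balances are constructed for the example.

```ada
-- Added example, not from the article: a subprogram contract that can be
-- proved statically (e.g. with SPARK) and is also checked at run time here.
-- Build with: gnatmake contract_demo.adb
pragma Assertion_Policy (Check);   -- enable Pre/Post checking in this unit

with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;

procedure Contract_Demo is
   subtype Money is Natural range 0 .. 1_000_000;

   -- The contract is part of the interface: Pre states what the caller must
   -- guarantee, Post what the routine promises on return. A prover can show
   -- the body honours Post for every input satisfying Pre; at run time a
   -- violated Pre raises Assertion_Error before the body executes.
   procedure Withdraw (Balance : in out Money; Amount : in Money)
     with Pre  => Amount <= Balance,
          Post => Balance = Balance'Old - Amount
   is
   begin
      Balance := Balance - Amount;  -- cannot go negative: Pre rules it out
   end Withdraw;

   Acct : Money := 500;   -- constructed sample balance
begin
   Withdraw (Acct, 200);
   Put_Line ("Balance after withdrawing 200:" & Money'Image (Acct));

   -- A caller that breaks the precondition is rejected at the boundary,
   -- leaving Acct unchanged, instead of the routine computing a bad state.
   begin
      Withdraw (Acct, 900);
   exception
      when Assertion_Error =>
         Put_Line ("Withdrawal of 900 rejected: Amount <= Balance does not hold");
   end;
   Put_Line ("Balance is still:" & Money'Image (Acct));
end Contract_Demo;
```

The value of writing the contract down is that it is the same artefact the prover reads, the test harness checks and the next maintainer consults when tracing a failure back to its source, which is the development trail the article argues for.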
Ultimately, writing more reliable code will cut down on errors and reduce the risk of costly outages in most industry sectors. Before this can happen, however, people have to stop accepting that “glitches” are trivial and start demanding better software.
“You wouldn't excuse the crash of a jumbo jet by labelling it a glitch, so why the failing of a banking application?” he concluded.